Difference between revisions of "PM Software Stack"
|Line 39:||Line 39:|
* rtorrent.rc template "modernized", and things moved around etc.
* rtorrent.rc template "modernized", and things moved around etc.
* minimum peers lowered to just a few
* minimum peers lowered to just a few
* template.nginx-conf: keepalive timeout 65s -> 20s, client max body size 4096M -> 8192M, TLSv1 removed
* template.nginx-conf: keepalive timeout 65s -> 20s, client max body size 4096M -> 8192M, TLSv1 removed
==== 06/02/2020 ====
==== 06/02/2020 ====
Revision as of 12:18, 7 February 2020
PMSS, short of PM Software Stack is a compilation of scripts to manage single server side seedbox configuration, turning instantly and conveniently an regular Debian 8.0 server into a seedbox. Debian 8 support is considered stable. It is free to use for anyone, see Installing PM Software Stack.
- 1 General features
- 2 Using PMSS
- 3 Debian 8 notes
- 4 Changelog
- 4.1 Changes 2020
- 4.2 Changes 2019
- 4.3 Changes 2018
- 4.4 Changes 2017
- 4.5 Changes 2016
- 4.5.1 29/12/2016
- 4.5.2 07/12/2016
- 4.5.3 27/10/2016
- 4.5.4 01/10/2016
- 4.5.5 25/09/2016
- 4.5.6 08/09/2016
- 4.5.7 05/09/2016
- 4.5.8 03/09/2016
- 4.5.9 03/08/2016
- 4.5.10 25/07/2016
- 4.5.11 21/02/2016
- 4.5.12 07/02/2016
- 4.5.13 28/01/2016
- 4.5.14 24/01/2016
- 4.5.15 14/01/2016
- 4.5.16 11/01/2016
- 4.5.17 05/01/2016
- 4.5.18 01/01/2016
- 4.6 Changes 2015
- 4.6.1 30/12/2015
- 4.6.2 28/12/2015
- 4.6.3 26/12/2015
- 4.6.4 21/12/2015
- 4.6.5 20/12/2015
- 4.6.6 19/12/2015
- 4.6.7 08/12/2015
- 4.6.8 30/11/2015
- 4.6.9 18/11/2015
- 4.6.10 12/11/2015
- 4.6.11 26/10/2015
- 4.6.12 24/10/2015
- 4.6.13 16/10/2015
- 4.6.14 12/10/2015
- 4.6.15 11/10/2015
- 4.6.16 10/10/2015
- 4.6.17 09/10/2015
- 4.6.18 04/10/2015
- 4.6.19 02/10/2015
- 4.6.20 01/10/2015
- 4.6.21 30/09/2015
- 4.6.22 29/09/2015
- 4.6.23 28/09/2015
- 4.6.24 27/09/2015
- 4.6.25 04/09/2015
- 4.6.26 30/08/2015
- 4.6.27 11/08/2015
- 4.6.28 10/08/2015
- 4.6.29 02/06/2015
- 4.6.30 06/04/2015
- 4.6.31 05/04/2015
- 4.6.32 02/04/2015
- 4.6.33 01/04/2015
- 4.6.34 31/03/2015
- 4.6.35 07/03/2015
- 4.6.36 27/02/2015
- 4.6.37 26/02/2015
- 4.6.38 02/02/2015
- 4.6.39 31/01/2015
- 4.6.40 30/01/2015
- 4.6.41 21/01/2015
- 4.6.42 19/01/2015
- 4.7 Changes 2011-2014
Primary design goals are reliability and ease of server management.
- Automatic installation
- Fast and easy creation of new user accounts with quota and rTorrent resource limits, etc.
- Easy user resource reconfiguration
- Autonomous, idempotent Lighttpd, Nginx, rTorrent configuration
- Single Lighttpd process per user with custom config per user (including php config)
- Public web hosting directory availability for users (/public-USERNAME/)
- Autonomous configuration of server features
- Compiles rTorrent + libTorrent + Quota + XMLRPC from source.
- Multiple redundancy levels for rTorrent
- Lighttpd redundancy / autorestart
- Server optimizations to maximize performance
- Terminate, Suspend/Unsuspend users
- Server administration tools
Debian 8 notes
Debian 8 support is considered stable, and support for Debian 8 is going to be maintained by estimation until H1 2021. Typical python pip issues still exists, stuff keeps breaking at random intervals with python pip, there is no intent to fix these issues as it is considered wasted work - There is always bound to be showstopper changes with pip, requiring all the installers etc. to be overhauled sometimes weekly. Future version will likely bypass bypass pip completely as pip cannot be relied upon.
- .rtorrentExecute.php: Add failsafe checks for rtorrent or executor already running, if more than 1x rtorrent running kill all rtorrent instances.
- lib/rtorrentConfig.php: Remove rtorrent.rc custom option from here, it can be done via config
- skel/.rtorrent.rc.custom: Added
- rtorrent.rc template changed to try loading this file
- rtorrent.rc template "modernized", and things moved around etc.
- minimum peers lowered to just a few
- template.nginx-conf: keepalive timeout 65s -> 20s, client max body size 4096M -> 8192M, TLSv1 removed, SSLv3 added
- template.nginx-site-default: HTTPS/SSL Section separate to template.nginx-site-default-default-ssl, replace with placeholder which will cause nginx not to launch unless configured by configurator
- template.nginx-site-default-ssl: added with original config, except protocols changed and ciphers matching let's encrypt
- util/createNginxConfig: make building https/ssl config around either self signed cert, or let's encrypt
- lib/rtorrentConfig.php: Add support for .rtorrent.rc.custom - this is included on top of the config file, so resource settings should get overwritten and remain same
Bonding interface support
- lib/networkInfo.php: Network information fetching snippet
- util/setupNetwork.php: Refactor link determination stuff to networkInfo.php. Fix static definitions for eth0
- lib/apps/vnstat.php: Use networkInfo output for link + speeds
- cron/trafficLog.php: Use linkspeed to determine maximum usage.
More rTorrent regression fixes for 0.9.8 -> simple renamings of old config options etc.
- lib/rTorrentConfig.php: Use new template with these fixed, and for memory instead of bytes define as megabytes
rTorrent regressions fix for 0.9.8, described at: https://github.com/Novik/ruTorrent/commit/ec8d8f1887af57793a671258072b59193a5d8d6c
- change skel according to above patch
- util/update-step2.php: update above user files
- Remove use_udp_trackers and extranous use_udp_set from .rtorrent.rc template, and bump date.
- lib/rtorrentConfig.php: Use the new version
- util/update-step2.php: Bump rtorrent version to 0.9.8 libtorrent to 0.13.8
- util/update-step2.php: Remove use_udp_set = yes from local template AND from users
- install.sh: Bump rtorrent version to 0.9.7 libtorrent to 0.13.8
- util/update-step2.php: Fix updating repos and add dist-upgrade -y
- etc/seedbox/config/template.openvpn.server.config: change to use aes-256-cbc cipher
- lib/apps/openvpn.php: Update server config if template has changed
- lib/apps/openvpn.php: Fixed long standing bug with config tar package not being created properly (empty)
- etc/seedbox/config/root.cron: checkDirectories changed to hourly. Add @reboot tasks for checkInstances, checkLighttpdInstances and checkDirectories and have some delays for the @reboot tasks so not everything launches on the same second.
- soft.sh: do not delete scripts directory - usually nothing is removed from here, just added or updated. Removed web proxy removal as we have not had that many years in any case
- util/setupNetwork.php: Added logging tcpsack
- util/update-step2.php: Put date into /var/run/pmss/updated for reference, also make sure dir exists.
- cron/checkGui.php: New cronjob, every 10 mins to check if index.php is intact, copy new one if not. This can occasionally happen when user is over quota and beyond burst period.
- etc/skel/www: index.php, info.php, stats.php, welcome.php updated to the latest being distributed.
- util/setupNetwork.php: Add iptables rule to drop certain size mss, mitigating tcpsack attacks; and further disable tcp_sack kernel
- util/setupNetwork.php: Fix not clearing INPUT rules first, thus making multiples of the same rules.
- util/setupNetwork.php: Dropping specific targets now use insert (to make high on list) and accept rules at bottom
- root.cron: Long standing bug with @reboot setupNetwork cron job fixed. This was causing why OpenVPN does not always function as expected.
- ruTorrent: remove diskspace plugin, and include our own disk quota plugin
- cron/trafficLimits.php: Add unix socket support
- cron/trafficLimits.php: Check & create runtime directory if does not exist
- cron/trafficLimits.php: Issue second traffic limit removal command to make sure it actually happens
- ~/.rtorrentExecute.php: Drop waiting periods to make restart happen faster
- root.cron: Drop checkinstance periods from 5 minutes to 2 minutes for faster restarts
- root.cron: Redirect checkDirectories log output to /dev/null. Cron may not execute if redirected to log directory and log directory does not execute ... making circular issue
- root.cron: Drop traffic stats collection from 5 mins to 10mins
- cron/trafficStats.php: Save daily traffic consumption to ~/.trafficData
- www/info.php: Add chartjs loading
- www/stats.php: Add daily charts for traffic consumption
- util/update-step2.php: Install sox, nzbget
- util/userConfig.php: Removing some commented out code
- RuTorrent updated to latest V3.9 stable release! Not updating existing users yet, only for userspace rebuilds & new users
- config/root.cron: Typoes in the renice commands fixed.
- lib/rtorrentConfig.php: added file exists check and creation in the write config function, in case user has deleted their config file
- cron/trafficStats.php: Check runtime directory readability and change way of creating to via shell
- fix localnet filepermissions on rtorrent conf
- change rtorrent config template scgi settings
- rtorrent config chmods localnet file to 644 to avoid random permission issues
- change rutorrent config scgi settings
- apps/packages.php had a typo this has been fixed.
- apps/rclone.php: bug fixed version checking, every other update would remove rclone completely etc.
- Change jessie repos again, and disable valid until verification for repos to continue functioning as expected
- refactored a lot of apt package install to lib/apps/packages.php
- refactored a lot of package install from install.sh to lib/apps/packages.php
- refactored more python stuff to lib/apps/python.php
- Some update-step2 refactoring on useless legacy stuff, remove api remotekey etc.
- Refactored runtime directories checking from update-step2 as a new cronjob - further found potential security issue where a local user could after reboot gain priviledges to the runtime data in /var/log/pmss or logs /var/log/pmss
- Update jessie repos
- Rework sonarr/nzbdrone installer, staging due to jessie repo changes was a necessity
- create /scripts/lib/apps folder to refactor different application installers for easier maintenance
- lib/apps: did megatools, mono, sonarr installers, btsync
- Added resilio sync THIS IS UNTESTED 100%
- Renamed btsync to be btsync1.4 and created symlink btsync to point to 2.2 WARNING: If you are running btsync 1.4 this might break you
- cron/trafficStats.php: Make sure runtime temp directory exists. Sometimes after reboot this folder might be missing for few hours
- update.php: Remove apt-get update, move it to update-step2. comment out setupApiKey as that is not currently being utilized
- update-step2.php: Remove debian lenny and squeeze repos etc. as those have not been used for years in production. There might still be some wheezy installations in the wild so not touching those.
- update-step2.php: For some bizarre reason there was apt-get install for rar, unrar and mktorrent in the repo configs, removed those but made sure those are installed quickly after
- lib/apps/syncthing.php: Syncthing installer THIS IS UNTESTED 100% it may or may not work. Probably does work.
- lib/apps/openvpn.php: Move it here, some refactoring
- lib/apps/rclone.php: Move installation here, some refactoring and commenting for easier future updates. Version updated to 1.47 let us know if there is regressions due to update
- lib/apps/vnstat.php: Move install + config here, move various spread around bits regarding deb8 conflicts to here as well.
- update-step2.php: More commenting and deb version peculiarity fix refactoring and removing more support bits for deb5+6
- lib/apps/python.php: Beginnings of this nightmare. Only added youtube_dl pip3 install so far.
- util/makeMonitoringRules + cron/trafficLog: localnet file was using wrong path, fixed it to be /etc/seedbox/config/localnet
- update-step2: move above mentioned localnet file during update
- setupSkelPermissions: set localnet file permission to globally readable - yes i know wrong place but there was some openvpn configs already here too
- lib/rtorrentConfig.php: Add localnet preferred ipv4 filtering if file is present
- util/update-step2.php: Install spidermonkey JS engine for pyload use, packages
- seedbox/config/root.cron: Add ionice classification for cp as idle process
- seedbox/config/root.cron: Add renice & ionice classification for ffmpeg and rclone as lowest priority
- seedbox/config/root.cron: Ever so slightly bump up the ionice classification for rtorrent processes
- seedbox/config/root.cron: Increase process checking frequencies for faster restarts etc.
- util/update-step2.php: Added package 'ranger' to be installed, a ncurses frontend filemanager.
- util/update-step2.php: Install nethack ... Because nethack! ;)
- util/setupSkelPermissions.php: Also sets openvpn config dir perms. TODO refactor, rename etc.
- util/update-step2.php: put openvpn config to the file update list
- util/update-step2.php: change filemanger recycle bin permissions to 771
- util/update-step2.php: re-enable creating openvpn-config.tgz when making the openvpn config the first time
- util/update-step2.php: Install Filebot 4.8.2
- Release was actually a dev version and latest updates were not pushed, this has been fixed. Caused myriad of network accounting issues etc. weird ones.
- proftpdTemplate: Add directive PassivePorts 60000-65535 to always have a known range
- util/setupNetwork.php: Bogon/Martian drop filters. Base groundwork to add a global bad actor banning mechanism (ie. bruteforce attempts)
- util/update-step2.php: Install package ipset
- util/update-step2.php: Compile & install iprange
- util/update-step2.php: Compile & install firehol
- etc/seedbox/config/template.nginx-user: Increase limit rates to: 500MiB full speed, after that 4096KiBps for users. Public remains as low as before.
- etc/seedbox/config/template.nginx-proxy_params: buffering disable
- etc/seedbox/config/template.lighttpd: Increase server max rate to 51200KiBps, and per connection to 16386KiBps, thus allowing nice bursting at beginning of a transfer :)
- util/update-step2.php: remove some very ancient resolver updates
- util/update-step2.php: remove a deprecated testfile removal
- util/setupNetwork.php: Updated link speed parsing
- util/setupNetwork.php: Determine our net link for getting speed with ethtool
- util/makeMonitoringRules.php: Trim localnets file
- cron/trafficLog.php: Trim localnets file
- cron/trafficLog.php: Fix grep clauses and a few other things related to the localnets monitoring
- showTraffic: Remove each line "Traffic", kinda redundant. making it easier to read :)
- cron/trafficStats.php: Logging date typo fix, even heavier parse error message suppression.
- config/root.cron: Increase trafficStats cron to every 5 minutes as well, and wait 20secs for logging to complete
- cron/trafficLog.php: More grep clause fixes, data collection fixes etc. in relation to local networks. Was not saving general data usage.
- showTraffic: Change when to go for larger measurement unit for display purposes.
- lib/traffic.php: Save local data consumption as well.
- util/remote/userTraffic.php: Change output to support "normal" and "local" data consumption metrics
- showTraffic: make username field wider and shorten if -local file being displayed.
- showTraffic: some display output formatting fixes
- cron/trafficStats.php: notice of parse error supression was in wrong place
- cron/trafficLog.php: Change to 1250MB/s max network utilization for 5minute average to enable monitoring. Still #TODO use ethtool to determine this
- cron/trafficLog.php: log local networks separately on -localnet files
- cron/trafficLog.php: Bug fix unmatched traffic metering (wrong file)
- util/makeMonitoringRules.php: Separate local networks traffic monitoring per user, and finally add a "unmatched owner" rule for local networks
- util/makeMonitoringRules.php: formatting fixes
- New optional config file: /etc/seedbox/localnet, you can input your local networks here with same annotation as iptables. One per line
- util/update-step2.php: Some typo fixes
- util/userTransfer.php: Add public web directory and homedir rutorrent settings folder into migration
- util/update-step2.php: Add package python-virtualenv to be installed
- util/update-step2.php: Install gdrivefs, or atleast try ...
- util/update-step2.php: remove python-pip apt package, easy_install it and link properly. This hopefully fixes python pip issues more than creates new issues, but the whole repo is horribly horribly broken with constantly stuff breaking.
- util/update-step2.php: Add unionfs-fuse, sshfs and s3fs packages.
- util/update-step2.php: Fix flexget installation
- util/ftpConfig.php: Template file changed for 16 connectios per user & host max, plus max instances raised to 60 from 30. No changes to that file, just the template
- util/update-step2.php: Updated rclone to version 1.42. Old download link was not functioning anymore, so moved hosting to our own server.
- util/userTransfer.php: Disable compression for transfers. Most data is anyways compressed, so this ensures higher data rates.
- util/update-step2.php: Add installation of genisoimage xorriso
- cron/trafficStats.php: Fix date formatting for output
- cron/trafficStats.php: Limit parse error messages + make supression if too many (50 for single user)
- rclone update to v1.37
- New rtorrent.rc template file, with some new options enabled
- Rename template.nginx to template.nginx-sites-default
- Add template.nginx-conf for /etc/nginx/nginx.conf
- template.nginx-conf has client_max_body_size 4096M -> Fixes the 1MB file upload size limit which crept back in earlier
- Fix update-step2.php a debian version selector, for which the earlier debug code was for
- Update util/createNginxConfig.php to match above templating changes
- Added packages htop mtr aria2 to be installed by default
- Deb8 specific package setups regarding git and znc debug + extra apt-get instructions to attempt get git installing finally
- Add also systemctl instruction for lighttpd not to start
- Yet another vnstat fix (permissions)
- Fix rclone install path
- cron/cpuStat.php: Collect CPU usage stats, user, nice, sys and idle for 2mins. Saves to /var/run and http publicly fetchable serialized output
- config/root.cron: Add cpuStat to run every 15mins, after 45sec delay (avoid other scheduled cronjobs this way)
- util/update-step2.php: Hack for nzbdrone & mono to get them installed on a Debian 8 system
- util/update-step2.php: Deb8: get prepackaged easy-rsa and configure openvpn, make path issue symlinks to avoid deb8 issues
- util/update-step2.php: revert back to deb7 specific openvpn config to be the normal case and add selection for differences between deb8/deb7.
- util/update-step2.php: remove deb8 speficic openvpn rsa config
- rtorrent.rc min peers setting increased slightly
- lib/rtorrentConfig.php: revamp port selection method
- util/update-step2.php: Refactoring on git, znc, python3, acd_cli installation (deb8 specific) in an attempt to figure out Deb8 issues regarding these (part installed, part not!)
- util/update-step2.php: added lighttpd to list of daemons not to be run as system (only per user). TODO still is to check runlevel management changes for Deb8 (many repo pkgs has not been updated neither)
- cron/cgroup.php: Do not execute currently, not complete
- cron/diskIostat.php: Some commenting and slight refactor
- cron/trafficStats.php: refactor, commenting, couple typo fixes
- cron/checkInstances.php: Slight refactoring, some commeting and clarifying
- cron/checkQuotas.php: remove API calls, that method is deprecated
- cron/trafficLog.php: adding a few code comments, increase temp file entropy
- skel/rutorrent/plugins/autools/plugin.info: add to info note for watch dir breaking things
- plugins/autotools/lang: added warnings to en, de, fi, es
- install.sh: add zip pkg
- install.sh: add -j make parameter
- util/update-step2.php: add -j make parameter
- util/update-step2.php: add zip pkg
- addUser.php: comment out retracker stuff
- util/update-step2.php: (Re)install git, some updates on pkg management on deb8
- util/update-step2.php: Fix vnstat not updating on deb8
- util/update-step2.php: Install Acdcli for amazon cloud drive access
- cron/diskIostat.php: fail if no serial block devices found
- cron/diskSmart.php: Added to collect smart data of disk drives
- cron/diskIostat.php: Include server timestamp on the results
- config/root.cron: Collect IOStat results every 5mins instead of 15mins (2min average)
- util/update-step2.php: Add pigz (parallel implementation of gzip, ) to be installed
- util/update-step2.php: Small refactoring on apt package installs
- lib/update.php: ruTorrent config add setting top directory correctly, filemanager plugin for example requires this
- util/update-step2.php: Add Jessie (Deb8) repors
- util/update-step2.php: Add OpenVPN config for Jessie, OpenVPN config now distro specific
- util/update-step2.php: Remove some old (deb5/6) apt-get instructions
- util/update-step2.php: Debian 8 ffmpeg install from backports added
- util/update-step2.php: znc package selection for Deb8
Preliminary support for deb8, most things work.
- install.sh: Lots small changes to add support for deb8
- util/update-step2.php: Added headers to launch from cli
- util/update-step2.php: Install funcsigs pip package, slight update to upgrade list of packages for flexget
- Small visual updates
- util/update-step2.php: Removed some apt-get instructions as they are in install.sh already
- install.sh: Some slight refactoring on the package installs
- util/update-step2.php: Install rclone
- cron/diskIostat.php: Make iostat current stats available also via direct http download
- checkInstances.php: Typo fix
- checkLighttpdInstances.php: Typo fix
- terminateUser: Comments, multiple killall and userdel directives as procs sometimes just don't want to die ... or are being relaunced. TODO check why this actually happens instead of this hack
- cron/checkInstances.php: If user is suspended, skip trying to start rTorrent ... Infact kill all procs :)
- cron/checkLighttpdInstances.php: Same thing here
- cron/trafficLimits: Some refactoring, adjusting limits for new speed caps and added code to choose limit level based on total traffic limit as well (512K/s allowed to do more than limit on minimal plans)
- lib/rtorrentXmlrpc: Add function for setting download rate
- cron/trafficLimits: Restrict download speed as well IF entry plan (less than 500GiB traffic limit) to 20Mbps
- update-step2: Install libffi-dev, python-dev, pyopenssl ndg-httpsclient pyasn1 cryptography for better flexget support
- update-step2: replace some nameservers with sed to OpenDNS (Online.net is censoring some trackers)
- update-step2: Removed creating /etc/autodl.cfg, instead removing it, as it's not a prerequisite for autodl anymore and we can allow all permissions.
- addUser.php: Set also user homedir .trafficLimit file (so we can display it in GUI), slight refactor on this section
- util/userTrafficLimit.php: Same thing as above
- (GUI) Stats: Added traffic limit number
- (GUI) Welcome page: Added meter for traffic limit
- util/update-step2: Initially typoed filename as tesfile, remove that and create the correct file
- util/update-step2: Create /var/www/testfile, 100M random data
- cron/diskIostat: Added history logging raw output (We are seeing IOPS outputs of 1000+ from magnetic drives, so need debug data for that)
- cron/diskIostat: History logging wrong output mode (should've been append).
- update-step2: Refactoring the openvpn setup section, which also bug fixes the situation where openvpn is setup but configs for users were not made
- upate-step2: Bug fix: cgroup-bin apt-get did not have autoconfirm, requiring human intervention to complete update
- cron/trafficLog: Log www-data & unmatched traffic as well
- cron/trafficStats: Parse for all log files found on logging dir, so includes unmatched, www-data, terminated users etc.
- cron/trafficStats: Log total data for the month period
- cron/trafficStats: Removing legacy code, small refactoring and commenting bits
- showTraffic: Show for all data files found
- lib/traffic.php: saveUserTraffic now saves to /var/run/pmss/trafficStats, and creates that directory if it does not exist
- lib/traffic.php: Bug fix: Skipped if data exceeded 7500Mb in 5mins... that's only 25MB/s. Now limit is 500MB/s with 150 000MiB check.
- showTraffic: Now uses /var data files. Instead of skipping on missing, throw an error
- showTraffic: If data is 0 for the month, skip displaying this user (gone already)
- util/makeMonitoringRules.php: Add 'www-data' to list of users
- showTraffic: Display month total across all users in TiB
- util/update-step2: Fix vnstat configuration typo to set the maximum link speed to 1Gbps
- cron/cgroup.php: Created, initial version. Needs quite a bit of refactoring, testing level right now.
- util/update-step2: install cgroup-bin, add fstab cgroup entry and mount it
- etc/seedbox/config/root.cron: Add cgroup cron job, execute once per hour
- update-step2: run apt-get upgrade at the end
- update-step2: Install btsync 2.2, as btsync2.2. System will have 1.4 as btsync and 2.2 as btsync2.2
- update-step2: separate setup apt sources.list.d/sonarr.list. This also means Sonarr will now update normally.
- createNginxConfig.php: Now always run lighttpd config. This is a bug fix, where manually changed lighttpd port would eventually mismatch on nginx
- configureLighttpd.php: Increased potential port range.
- skel/.lighttpd/custom: Empty file created to avoid warnings. This is where users can input their custom lighttpd settings if they need some.
- userTransfer.php: Added .lighttpd/custom for migration
- userTransfer.php: Decreased the time for re-attempting user migration
- recreateUser.php: Also copy htpasswd file from old version
- (GUI) Change welcome page quota display to use Kibibyte format to avoid confusion.
A privileged user could use an internet download manager to basicly DOS the server with huge amount of threads trying to download large files (gigs in size), with sufficient thread quantity eventually linux kernel couldn't schedule any I/O time for disk nor ram for essential applications such as SSH. This could not be done by unprivileged user since requirement is very large file sizes. This would lead to a race condition as nginx wants to cache as fast as possible, hence "downloading" from user lighttpd process as fast as possible, which results in heavy RAM consumption and 'especially' heavy disk I/O activity - with sufficient threads scheduling breaks down.
- template.lighttpd: Introduce per connection rate limit (2048k/s) and global rate limit (12800k/s)
- template.nginx-user: Introduce user con limit to 16, rate limit (2048k/s) after 100MiB
- template.nginx-user: Introduce public con limit to 8, rate limit (512k/s) after 100MiB
- tmeplate.nginx: Add shared memory zone for connection limits
- util/userConfig.php: Lower limit on filesLimit for very small disk quotas, set to 15000
- (GUI) welcome.php: Display of /etc/seedbox/config/vendorWelcome moved to top of the welcome page
- cron: renice mono and ionice mktorrent added
- update-step2: install some perl modules
- .lighttpd.conf: Add include_shell for .lighttpd/custom for user custom settings
- .lighttpd.conf: Add rutorrent no cache headers, and also add mod_setenv to be loaded
- rtorrent.rc template: Increased base buffers
- rutorrent/plugins/hddquota: Bumped version to 1.15
- ruTorrent: Updated to version 3.7
- install.sh: Bumped rTorrent/libTorrent to 0.9.6/0.13.6, bumped xmlrpc-c to revision 2776
- rTorrent: Updated to 0.9.6/0.13.6
- update-step2: Make openvpn config package even if this is not an install run
- update-step2: fix flexget install if clause
- pulsedBox: Login for mds now fixed
- ruTorrent: Changed URI for css & js files to make sure cached copies are not attempted with new version
- update-step2: put back in to update ruTorrent index.html
- update-step2: Configure OpenVPN, Create certs, create client config package and provide files to users at /home/openvpn-**servername**.ovpn and /home/openvpn-**servername**.crt where as dots (.) have been replaced with dashes (-)
- update-step2: Make a tarball of OpenVPN config in skel, and provide it to userspace as well.
- setupNetwork.php: Create OpenVPN masquerade rules
- (GUI) welcome.php: Add beta disclaimer to ownCloud
- update-step2: Oops, openvpn config should probably reside under www
- update-step2: trim hostname before using for filename
- update-step2: flexget installation string match fix
- update-step2: Install mkvtoolnix, add mkvtoolnix repo
- userConfig: Refactoring on ruTorrent stuff
- update-step2: Refactoring on ruTorrent stuff
- skel/www/rutorrent: Updated to latest with new plugins
- etc/seedbox/config/template.rutorrent.config: Updated to new
- etc/seedbox/config/template.rutorrent.access: Updated to new
- lib/update: Add rutorrent config function
- userConfig: Change to using that function
- update-step2: Reconfigure ruTorrent
- update-step2: Reordering all together everything related to ruTorrent on per user basis and some refactoring
- ruTorrent Update Latest version, should migrate settings etc. and reconfig properly :)
- update-step2: removal of removing check port plugin. Seems to be working ok again?
- update-step2: Install flexget, buildtools32, python-pip
- install.sh: Slight reordering of package installs to make initial setup even faster (human time wise)
- install.sh: Add lftp to be installed
- update-step2: Add lftp to be installed
- php.ini: Default memory max increased to 512MiB, upload max filesize to 16GiB and max simultaneous uploads to 50
- addUser.php: refactoring and adding a chown to make sure everything is setup allright in regards of retrackers
- update-step2: Another fix for retrackers related stuff
- userPermissions.php: Couple small fixes related to the above
- Small update to rTorrent + libtorrent, faster tracker check interval default setting, and close idle connections faster
- install.sh: Refactoring to have all questions at the beginning
- install.sh: Added many of the pkgs from update-step2 here, so we can later on remove them from update-step2
- util/setupNetwork.php: commented out link speed determination - not required
- install.sh: sysfs added net.ipv4.ip_forward = 1
- setupNetwork.php: added enabling ipv4 ip forward
- userPermissions.php: path fixes
- addUser.php: Typo fix
- (GUI) welcome.php: Updated with owncloud install link, and removed the need to visit setup-owncloud-finish.php
- (GUI) Frames: Added owncloud tab if present
- skel/www/setup-owncloud-finish.php: removed
- update-step2: removed setup-owncloud-finish.php, and made owncloud setup file insertion conditional
- (GUI) welcome.php: Organized the download links and fixed them :)
- (GUI) welcome.php: Fixed quota warning var giving notices on error log
- (GUI) stats.php: Changed getting IP to remote service
- update-step2, addUser.php, userPermissions.php: Continuum of the earlier, apparently there's a slight logic error on ruTorrent preventing torrents directory from being created
- update-step2: Fixed permissions bug introduced by yesterday's changes
- addUser.php: Same fix as above
- userPermissions.php: Fixing retroactively these. This is executed on server update.
- checkInstances: Killing possible rTorrent processes fix.
- root cron: Change check Lighttpd for every 5 mins, delay beginning 30 secs
- error-502: Wording change
- addUser & update-step2: Adding retracker plugin config
- createNginxConfig: Trim port number added
- configureLighttpd: Increased potential port range
- terminateUser: Remove lighttpd port config and nginx config
- terminateUser: Some wording changes shown to user.
- Nginx: Custom 502 error page
- util/createNginxConfig.php: Add template for proxy_params
- Nginx: Increase proxy read timeout to 120s
- skel/.lighttpd/php.ini: Increase max execution time to 90s and increase max memory to 256M per process! Increase Max file upload size from 2M to 32M, POST max size from 8MB to 32MB
- update-step2: Fix owncloud setup files path.
- update-step2: Add php.ini to the files to be updated
- update-step2: Install packages flac, lame, lame-doc and mp3diags
- cron/diskIostat.php: Add disk quantity
- cron/diskIostat.php: fix output camelCase
- Added ownCloud installers - Install is now very simple and easy!
- template.lighttpd: Added ownCloud directives for security
- util/update-step2.php: Added update-rc.d lighttpd remove
- util/update-step2.php: Added copying latest ownCloud setup files
- cron/diskIostat.php: bug fix on device selection, on some edge cases the grouping was chosen incorrectly
- cron/diskIostat.php: Added cron job to gather current iostat info, 120 sec data
- cron.d/pmss: Run diskIostat every 15 mins
- util/userPermissions.php: Fixed xargs argument bug for delimiter
- cron/diskIostat.php: Added logging to -history file as well for historic data, for potential later needs
- userPermissions.php: Find all directories under user account and chmod them to 751 (default directory permissions: rwxr-x--x).
- userPermissions.php: Chmod .ssh if the directory exists
- userPermissions.php: Chowning as well to make sure right user & group owns the directory.
- updates-step2.php: Added ZNC and ZNC-EXTRA packages
- configureLighttpd.php: Typo fix
Some bug fixing to yesterday's release
- userPermissions.php: chmod 771 couple temp dirs for each user's lighttpd
- update-step2.php: apt-get remove go git mercurial added since these packages are not needed
This release is all about converting to per user lighttpd processes and several bug fixes, and hence enhancing service quality and security while opening the door for future new feature developments. This also adds capability for public web hosting from the seedbox.
- install.sh: remove packages golang git mercurial
- update-step2: remove packages golang git mercurial
- install.sh: also put into fstab vfsv1 instead of vfsv0
- update-step2: remove migration to vfsv1 since this is prone to breaking quota data. need to look for better migration method.
- etc/seedbox/config/template.lighttpd added and created
- etc/skel/lighttpd directory added
- etc/seedbox/config/template.nginx-user added and created
- etc/seedbox/config/template.nginx added and created
- util/configureLighttpd.php: Created configurator for per user lighttpd configs
- etc/skel/lighttpd/compress directory added
- etc/skel/lighttpd/upload directory added
- template.lighttpd: both password protected (normal GUI) and public web directories included in the config where user can run whatever they please.
- changePw.php: changes now the per user htpasswd file (username/.lighttpd/.htpasswd)
- addUser.php: use changePw.php script instead of set in the file
- addUser.php: if password rand has been passed, use a random password.
- addUser.php: remove chmod rules
- addUser.php: if runtime/trafficLimits dir does not exist, create it
- addUser.php: use configureLighttpd.php script instead of setting it up hardcoded within the script
- addUser.php: change expire date to 2100-01-01
- addUser.php: Do not add user to www-data group
- util/createNginxConfig.php: Create per user proxy config files (idempotent) and set default nginx config from template
- createNginxConfig: Create SSL config.
- template.nginx: Include SSL config
- scripts/startLighttpd added and created
- scripts/cron/checkLighttpdInstances.php added and created
- update-step2: Added all the lighttpd configuring, installing packages, managing processes etc. there. This should be the bulk of conversion
- addUser.php: create nginx config, and restart nginx
- config/root.cron: Comment out checkHttpd for now and add checkLighttpdInstances in there
- userConfig.php: Do not launch traffic limit script if none has been passed
- lib/rtorrentConfig.php: If no logger, do not echo the contents (rel: addUser.php needlessly echoing rtorrent config)
- changePw.php: if password defined it's not set to correct variable and thus cannot set password
- changePw.php: Also check for existence of per user htpasswd file!
- util/checkUserHtpasswd.php: Created to move the user's password from global to per user.
- update-step2: run checkUserHtpasswd.php and restart all lighttpd processes
- update-step2: lots of permissions updates
- update-step2: remove some deprecated, commented out code
- util/userPermissions.php: created this to set all the folder and file permissions for the user directory. Now they are in one place!
- addUser.php: use userPermissions.php
- update-step2: use userPermissions.php
- template.lighttpd: Use per user php.ini and change fcgi settings a bit
- skel/.lighttpd/php.ini added
- configureLighttpd.php: Add .lighttpd dir if it doesn't exist yet, separately check for php.ini as well.
- update-step2: Do not remove autotools plugin if it is present
- update-step2: add package ntp
- checkUserHtpasswd.php: Chown the newly created .htpasswd file
- userPermissions.php: set htpasswd file perms as well
- update-step2: move earlier in the process to make the move to nginx etc. for working conversions. make sure lighttpd processes are stopped.
- update.php: remove recreateLighttpdConfig & restart, replace with nginx
- release packager: include .lighttpd directory into the skel package.
- userPermissions.php: some chowns and extra rules required for smooth conversion
- terminateUser.php: replace lighttpd related commands with nginx replacements
- terminateUser.php: remove deleting htpasswd. Add deleting home dir in case userdel does not remove it
- recreateUser.php: Changed to fit the new model.
- configureLighttpd.php: Also check for public html directory
- update-step2: Do the configs twice to be certain, as another update step might have affected.
- quotaFix.php: added -n flag for quotacheck to automatically answer questions
- install.sh: Update quota vfsv0 to vfsv1 to support large quotas
- update-step2: Update quota vfsv0 to vfsv1 to support large quotas, and commit change + execute quotaFix
- update-step2: Check if user is suspended, if so do not make updates
- update-step2: Reinstalling unpack plugin for ruTorrent which was earlier removed for abuse causing extremely high loads on a server
- update-step2: moved the location of nzbdrone repos to the normal repo list, cannot move sonarr because https transport needs to be first installed.
- update-step2: Refactored stopping & disabling services not needed for "global" user
- update-step2: added apt-get -f install -y to fix potentially broken or missing dependencies
- update-step2: Forgot to add -y toggle for sabnzbdplus package install requiring manual intervention
- install.sh: Added locate apt package, since some minimal installs are missing this
- update-step2: Added locate apt package
- install.sh: Added python-pycurl, python-crypto, python-central packages
- update-step2: Install pyLoad and dependencies python-pycurl, python-crypto, python-central, golang, git, mercurial
- install.sh & update-step2: Install packages gcc g++ gettext python-cheetah curl fuse glib-networking libglib2.0-dev libfuse-dev apt-transport-https
- update-step2: Compile & install Megatools from source
- update-step2: Re-ordered package installs as some installation & compilations were attempted BEFORE installing the dependiences.
- update-step2: get, compile and install Mono 3.8.0
- update-step2: Install Sonarr / Nzbdrone. To start it execute mono /opt/NzbDrone/NzbDrone.exe and then browse to http://servername.pulsedmedia.com:8989 - remember to change port and set security + authentication credentials!
- update-step2: To make sure they are not running for non-specific seedbox user, stop btsync and pyload, and update-rc.d disable them
- update-step2: Install sabnzbdplus
- update-step2: ntpdate for some reason was not installed by default - included this on update
- update-step2: now vnstat config is checked on every update
- update-step2: vnstatConfig also sets maxbandwidth higher
- apt-get clean & update for some reason missing from update.php - added, and also temporarily for step2
- Security update on lighttpd config.
- btsync sample config now in skel as .btsync.conf-sample
- btsync binary added to /usr/bin/btsync now.
- rutorrent/share/settings/rss folder was missing, created to skel and added to update for creating it
- trafficStats: Added logging also date & time. For some reason this was not logged.
- trafficLog: removed serverApi calls as cnc is not utilized anymore
- skel/www/rutorrent/plugins/check_port removed as well. was prior removed only on update. this plugin doesn't function anymore as expected.
- some debug logging added for trafficStats cron
Can be found at PM Software Stack Changelog 2011-2014